diff options
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Vyatta/IpTables/AddressFilter.pm | 43 | ||||
-rw-r--r-- | lib/Vyatta/IpTables/Rule.pm | 6 |
2 files changed, 45 insertions, 4 deletions
diff --git a/lib/Vyatta/IpTables/AddressFilter.pm b/lib/Vyatta/IpTables/AddressFilter.pm index f2a60e6..3689ee2 100755 --- a/lib/Vyatta/IpTables/AddressFilter.pm +++ b/lib/Vyatta/IpTables/AddressFilter.pm @@ -44,6 +44,7 @@ my %fields = ( _port => undef, _protocol => undef, _src_mac => undef, + _name => undef, ); sub new { @@ -63,6 +64,8 @@ sub setup { $config->setLevel("$level"); + $self->{_name} = $config->returnParent(".. .. .. .. .."); + # setup needed parent nodes $self->{_srcdst} = $config->returnParent(".."); $self->{_protocol} = $config->returnValue(".. protocol"); @@ -95,6 +98,8 @@ sub setupOrig { $config->setLevel("$level"); + $self->{_name} = $config->returnParent(".. .. .. .. .."); + # setup needed parent nodes $self->{_srcdst} = $config->returnParent(".."); $self->{_protocol} = $config->returnOrigValue(".. protocol"); @@ -140,6 +145,30 @@ sub rule { my ($self) = @_; my $rule = ""; my $can_use_port = 1; + + my $addr_checker; + my $prefix_checker; + my $ip_term; + my $prefix_term; + + if (($self->{_name} eq "name") || ($self->{_name} eq "modify")) { + # This is an IPv4 rule + + $addr_checker = 'ipv4_negate'; + $prefix_checker = 'ipv4net_negate'; + $ip_term = "IPv4"; + $prefix_term = "subnet"; + } elsif (($self->{_name} eq "ipv6-name") || + ($self->{_name} eq "ipv6-modify")) { + # This is an IPv6 rule + + $addr_checker = 'ipv6_negate'; + $prefix_checker = 'ipv6net_negate'; + $ip_term = "IPv6"; + $prefix_term = "prefix" + } else { + return (undef, "Invalid firewall tree: $self->{_name}"); + } if (!defined($self->{_protocol}) || !defined($_protocolswithports{$self->{_protocol}})) { @@ -156,17 +185,18 @@ sub rule { # set the address filter parameters if (defined($self->{_network})) { my $str = $self->{_network}; - return (undef, "\"$str\" is not a valid IP subnet") - if (!Vyatta::TypeChecker::validateType('ipv4net_negate', $str, 1)); + return (undef, "\"$str\" is not a valid $ip_term $prefix_term") + if (!Vyatta::TypeChecker::validateType($prefix_checker, $str, 1)); $str =~ s/^\!(.*)$/! $1/; $rule .= "--$self->{_srcdst} $str "; } elsif (defined($self->{_address})) { my $str = $self->{_address}; - return (undef, "\"$str\" is not a valid IP address") - if (!Vyatta::TypeChecker::validateType('ipv4_negate', $str, 1)); + return (undef, "\"$str\" is not a valid $ip_term address") + if (!Vyatta::TypeChecker::validateType($addr_checker, $str, 1)); $str =~ s/^\!(.*)$/! $1/; $rule .= "--$self->{_srcdst} $str "; } elsif ((defined $self->{_range_start}) && (defined $self->{_range_stop})) { + # Ranges are supported for IPv4 only my $start = $self->{_range_start}; my $stop = $self->{_range_stop}; return (undef, "\"$start-$stop\" is not a valid IP range") @@ -209,3 +239,8 @@ sub outputXml { outputXmlElem("${prefix}_port", $self->{_port}, $fh); } +# Local Variables: +# mode: perl +# indent-tabs-mode: nil +# perl-indent-level: 2 +# End: diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm index 23755a6..a53b167 100644 --- a/lib/Vyatta/IpTables/Rule.pm +++ b/lib/Vyatta/IpTables/Rule.pm @@ -581,3 +581,9 @@ Date should use yyyy-mm-dd format and lie in between 1970-01-01 and 2038-01-19") } 1; + +# Local Variables: +# mode: perl +# indent-tabs-mode: nil +# perl-indent-level: 2 +# End: |